Older handsets were relatively immune from airborne viruses because they lacked functionality. However, Internet-enabled smart phones are facile hosts for infection. For example, the 911 virus flooded Tokyo's emergency response phone system using an SMS (short message system) message. The message, which hit more than 100,000 mobile phones, invited recipients to visit a Web page. Unfortunately, when the users attempted to visit the Web site, they activated a script that caused the phones to call 110, Tokyo's equivalent of the United States' 911 emergency number. Thus, the virus could have indirectly resulted in deaths by denying emergency services.
A potential vulnerability of SMS is that it allows a handset to receive or submit a short message at any time, independent of whether a voice or data call is in progress. In addition, if the handset is unavailable, the message will be stored on the central server. The server will then retry the handset until it can deliver the message.
Another example of such a virus occurred in Scandinavia. When a user received the short message, the virus locked out the handset buttons . This effectively became a denial-of-service attack against the entire system.
Similarly, a Norwegian company found another example of malicious code. In this case, Norway-based WAP service developer Web2WAP was testing its software on Nokia phones. During the testing, it found that a certain SMS was freezing phones that received it. The code knocked out the keypad for up to a minute after the SMS was received. This is similar to format attacks that cause crashes or denial-of-service attacks against Internet servers.